Cookie Policy
This Cookie Policy ("Policy") explains how Surge Growth Technologies Private Limited (CIN: U62099KA2024PTC188794; GSTIN: 29ABNCS4910L1ZR), registered at B-501, Sumadhura Essenza, Hosa Road Junction, Begur, Electronics City, Bangalore, Karnataka – 560100, India ("Surge Growth", "we", "us") uses cookies and similar tracking technologies when you visit or use surgegrowth.io ("Website" / "Platform").
This Policy should be read alongside our Privacy Policy and Terms of Service, both available at surgegrowth.io. By continuing to use the Website, you acknowledge this Policy. Where your explicit consent is required (EU/UK users), we will seek it through our cookie consent banner before placing non-essential cookies.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites function correctly, work more efficiently, and provide information to website operators.
In addition to cookies, we may use similar technologies such as:
- Web beacons / pixels — tiny transparent images embedded in pages or emails that track page loads and email opens
- Local storage — data stored locally in your browser (similar to cookies but not transmitted with each request)
- Session storage — temporary data stored for the duration of a browser session, automatically cleared on close
- Log files — server-side records of page requests including IP address, browser type, and timestamp
For simplicity, all of the above are collectively referred to as "cookies" throughout this Policy.
2. Types of Cookies We Use
Cookies are classified by duration and purpose. The table below sets out all categories of cookies — those we currently use and those we do not — so you have complete transparency.
| Cookie Category | Purpose | Examples / Providers | Duration | Can Be Opted Out? |
|---|---|---|---|---|
| ✅ Strictly Necessary | Essential for the Website to function. Enable login, session management, security tokens, and CSRF protection. Cannot be disabled without breaking the Platform. | Session ID cookies, CSRF tokens, authentication state | Session (cleared on browser close) | No — required for platform operation |
| ✅ Analytics & Performance | Collect anonymised or pseudonymous data on how visitors use the Platform — pages visited, features used, time on page, error reports. | Google Analytics (GA4), Hotjar, Mixpanel, Amplitude | 1 month – 2 years (varies by tool) | Yes — opt out via browser or consent banner |
| ✅ Functional / Preference | Remember your preferences such as language, display settings, and Slack integration state to provide a personalised experience across sessions. | User preference cookies, UI state cookies | Up to 12 months | Yes — opt out via browser settings |
| ❌ Marketing / Advertising | Track browsing behaviour to serve targeted advertisements on third-party websites. surgegrowth.io does NOT use advertising or retargeting cookies. | Not used | N/A | N/A — not in use |
| ❌ Social Media | Enable content sharing to social networks and track social media interactions. surgegrowth.io does NOT embed social media tracking pixels. | Not used | N/A | N/A — not in use |
3. First-Party and Third-Party Cookies
3.1 First-Party Cookies
First-party cookies are set directly by Surge Growth on surgegrowth.io. These include session management and authentication cookies necessary for you to log in and use the Platform. All first-party cookie data is stored on our servers in AWS (Mumbai, India) and Google Cloud (East, India).
3.2 Third-Party Cookies
Third-party cookies are set by external service providers when you use certain features of the Platform. We currently use the following third-party analytics providers:
| Provider | Category | Data Collected | Opt-Out Link |
|---|---|---|---|
| Google Analytics (GA4) | Analytics | Page views, session duration, device info, anonymised IP | tools.google.com/dlpage/gaoptout |
| Hotjar | Analytics / UX | Heatmaps, session recordings (anonymised), click patterns | hotjar.com/legal/compliance/opt-out |
| Mixpanel / Amplitude | Product Analytics | Feature usage, event tracking, user flows (pseudonymised) | Available in account settings |
These third-party providers have their own privacy and cookie policies. We recommend reviewing their policies directly. Surge Growth does not control how these providers process the data they collect through their cookies.
4. Cookie Consent
4.1 Our Consent Approach
Strictly necessary cookies do not require consent as they are essential for the Platform to operate. All other cookies (analytics, functional) require consent in jurisdictions where such consent is legally mandated.
Surge Growth is in the process of implementing a cookie consent banner on surgegrowth.io. Once live, the banner will:
- Appear on first visit before any non-essential cookies are placed
- Offer a granular opt-in — users can accept all, reject all, or customise by cookie category
- Store your consent preference for 12 months before requesting renewal
- Allow you to change your preference at any time via the "Cookie Settings" link in the website footer
- Not use pre-ticked boxes, dark patterns, or bundled consent
4.2 Jurisdiction-Specific Consent Rules
🇮🇳 India (IT Act 2000 / DPDPA 2023): Analytics cookies are currently used under our legitimate interest in improving the Platform. The DPDPA 2023 rules on cookies are pending notification. We will implement explicit consent mechanisms as required when Rules are notified.
🇪🇺 European Union (GDPR + ePrivacy Directive): Non-essential cookies require prior, freely given, specific, informed, and unambiguous consent under the ePrivacy Directive and GDPR Art. 6(1)(a). Consent cannot be implied by continued use of the website. Until our consent banner is deployed, EU users may block non-essential cookies via their browser settings. No analytics cookie data from EU users will be used for any purpose other than anonymised, aggregate platform analytics.
🇬🇧 United Kingdom (UK GDPR + PECR): The same consent standard applies as for EU users. UK users may opt out via browser settings pending the consent banner deployment.
🇺🇸 United States (CCPA / CPRA — California): Surge Growth does not "sell" or "share" personal information collected via cookies for cross-context behavioural advertising. California users have the right to opt out of any such sharing. Our analytics cookies do not constitute a "sale" of personal information under CCPA. Additional state-specific laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA) are similarly addressed — we do not engage in targeted advertising.
5. How to Manage & Control Cookies
5.1 Browser-Level Controls
You can manage, block, or delete cookies at any time through your browser settings. Below are direct links to cookie management instructions for major browsers:
| Browser | Cookie Settings Path | Support Link |
|---|---|---|
| Google Chrome | Settings → Privacy and Security → Cookies and other site data | support.google.com/chrome/answer/95647 |
| Mozilla Firefox | Settings → Privacy & Security → Cookies and Site Data | support.mozilla.org/en-US/kb/cookies-information |
| Safari (Mac/iOS) | Preferences → Privacy → Manage Website Data | support.apple.com/guide/safari |
| Microsoft Edge | Settings → Cookies and site permissions → Cookies | support.microsoft.com/microsoft-edge |
| Opera | Settings → Advanced → Privacy & Security → Site Settings | help.opera.com |
5.2 Third-Party Opt-Out Tools
You may also use the following industry opt-out tools:
- Google Analytics Opt-Out Add-on: tools.google.com/dlpage/gaoptout — browser extension that prevents GA data collection
- NAI Opt-Out Tool: optout.networkadvertising.org — opt out of interest-based advertising from NAI member companies
- YourAdChoices / DAA: youradchoices.com — US-based ad industry opt-out
- Your Online Choices (EU): youronlinechoices.eu — European Interactive Digital Advertising Alliance opt-out
5.3 Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. Surge Growth currently does not alter its data collection practices based on DNT signals, as there is no uniform standard for how websites should respond to DNT. We will reassess this position as standards evolve.
6. Data Collected Through Cookies
Cookies on surgegrowth.io may collect the following data:
- Device and browser information — browser type and version, operating system, screen resolution, device type
- Usage data — pages visited, features clicked, time spent on pages, navigation paths, errors encountered
- Session data — session start/end times, session duration, number of pages viewed per session
- Referring URL — the website or link that directed you to surgegrowth.io
- Anonymised / truncated IP address — used for geographic analytics (country/city level only); full IP is not stored
- Authentication state — whether you are logged in (strictly necessary, not used for tracking)
We do not collect personally identifiable information such as your name, email address, or payment details through cookies. Analytics data is either anonymised or pseudonymised at the point of collection. All cookie data is processed in accordance with our Privacy Policy.
7. Cookie Data Retention
Cookie data is retained for the following periods:
| Cookie Type | Retention Period | Data Category |
|---|---|---|
| Session Cookies | Deleted automatically when the browser is closed | Login sessions, CSRF tokens |
| Analytics Cookies (GA4) | 13 months (Google's default retention) | Page view and session data |
| Hotjar Cookies | 365 days | Heatmap and session recording data |
| Mixpanel / Amplitude | Up to 25 months (product analytics) | Feature usage and event data |
| Functional / Preference | Up to 12 months | UI preferences, display settings |
8. Your Rights in Relation to Cookie Data
To the extent that cookie data constitutes personal data, you have the following rights depending on your jurisdiction:
8.1 All Users
- Withdraw consent for non-essential cookies at any time via browser settings or our consent banner (once deployed)
- Request information about what cookie data is collected about you
- Request deletion of analytics data associated with your session or device
8.2 EU / UK Users (GDPR / UK GDPR)
- Right to object to processing of personal data collected through analytics cookies (Art. 21 GDPR)
- Right of access to personal data collected through cookies (Art. 15 GDPR)
- Right to erasure of cookie-related personal data (Art. 17 GDPR)
- Right to lodge a complaint with your national Data Protection Authority (DPA)
8.3 California Users (CCPA / CPRA)
- Right to know what personal information is collected through cookies
- Right to opt out of the sale or sharing of personal information — we do not sell or share cookie data
- Right to delete personal information collected through cookies
- Right to non-discrimination for exercising these rights
To exercise any of these rights, contact our Grievance Officer at vaibhav@surgegrowth.io.
9. Cookies & B2B Context
surgegrowth.io is a B2B-only platform. Cookies on this Platform are used to manage business accounts and improve the Platform experience for authorised business representatives — not for consumer profiling or behavioural advertising.
Business customers who use the Platform to manage their own clients' ad campaigns (e.g. Google Ads, Meta Ads) should note that any tracking technologies used within those clients' ad accounts are governed by Google's and Meta's own terms and privacy policies, not by this Cookie Policy. Surge Growth's Cookie Policy applies only to the surgegrowth.io website and Platform.
10. Updates to This Cookie Policy
Surge Growth may update this Cookie Policy from time to time to reflect changes in the cookies we use, new legal requirements, or improvements to our consent management. Updates will be posted on this page with a revised "Last Updated" date.
For material changes (e.g. introducing a new cookie category, adding advertising cookies), we will provide at least 30 days' advance notice via email to registered users and through a prominent notice on the Website. Your continued use of the Website after the effective date constitutes acceptance of the updated Policy.
We recommend reviewing this Policy periodically. You can always access the current version at surgegrowth.io/cookie-policy.
11. Contact & Grievance Officer
For any questions, concerns, or requests relating to this Cookie Policy or our use of cookies:
Grievance Officer: Vaibhav Dusad
Designation: Co-Founder, Surge Growth Technologies Private Limited
Email: vaibhav@surgegrowth.io
Address: B-501, Sumadhura Essenza, Hosa Road Junction, Begur, Electronics City, Bangalore, Karnataka – 560100, India
Website: surgegrowth.io
Response Time: Acknowledgement within 24 hours | Resolution within 15 days
Schedule A — Applicable Laws & Compliance Reference
| Jurisdiction | Law / Regulation | Key Cookie Obligations |
|---|---|---|
| 🇮🇳 India | IT Act, 2000 & IT Rules, 2011 §43A | Reasonable security, data collection transparency |
| 🇮🇳 India | DPDPA, 2023 | Consent for personal data processing; rules pending notification |
| 🇪🇺 EU | ePrivacy Directive 2002/58/EC (Cookie Law) | Prior informed consent required for non-essential cookies |
| 🇪🇺 EU | GDPR (EU) 2016/679 Art. 6(1)(a), Art. 7 | Explicit, withdrawable consent; no implied consent from continued use |
| 🇬🇧 UK | UK GDPR + PECR (Privacy & Electronic Communications Regs) | Same consent standard as GDPR; applies post-Brexit |
| 🇺🇸 US | CCPA / CPRA (California) | No sale or sharing of personal data; right to opt out, know, delete |
| 🇺🇸 US | Virginia CDPA, Colorado CPA, Connecticut CTDPA | State-level consent rights; opt-out of targeted advertising |
| 🌍 Global | IAB Transparency & Consent Framework (TCF 2.2) | Industry standard for cookie consent management |